Fix CVE-2018-14044 and CVE-2018-14045:

https://gitlab.com/soundtouch/soundtouch/issues/7
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14044
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14045

Patch copied from upstream source repository:

https://gitlab.com/soundtouch/soundtouch/commit/107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260

From 107f2c5d201a4dfea1b7f15c5957ff2ac9e5f260 Mon Sep 17 00:00:00 2001
From: oparviainen <oparviai@iki.fi>
Date: Sun, 12 Aug 2018 20:00:56 +0300
Subject: [PATCH] Replaced illegal-number-of-channel assertions with run-time
 exception

---
 include/FIFOSamplePipe.h               | 12 ++++++++++++
 include/STTypes.h                      |  3 +++
 source/SoundTouch/FIFOSampleBuffer.cpp |  3 ++-
 source/SoundTouch/RateTransposer.cpp   |  5 ++---
 source/SoundTouch/SoundTouch.cpp       |  8 ++------
 source/SoundTouch/TDStretch.cpp        |  5 ++---
 6 files changed, 23 insertions(+), 13 deletions(-)

diff --git a/include/FIFOSamplePipe.h b/include/FIFOSamplePipe.h
index 4ec9275..b08f836 100644
--- a/include/FIFOSamplePipe.h
+++ b/include/FIFOSamplePipe.h
@@ -51,6 +51,18 @@ namespace soundtouch
 /// Abstract base class for FIFO (first-in-first-out) sample processing classes.
 class FIFOSamplePipe
 {
+protected:
+
+    bool verifyNumberOfChannels(int nChannels) const
+    {
+        if ((nChannels > 0) && (nChannels <= SOUNDTOUCH_MAX_CHANNELS))
+        {
+            return true;
+        }
+        ST_THROW_RT_ERROR("Error: Illegal number of channels");
+        return false;
+    }
+
 public:
     // virtual default destructor
     virtual ~FIFOSamplePipe() {}
diff --git a/include/STTypes.h b/include/STTypes.h
index 03e7e07..862505e 100644
--- a/include/STTypes.h
+++ b/include/STTypes.h
@@ -56,6 +56,9 @@ typedef unsigned long   ulong;
 
 namespace soundtouch
 {
+    /// Max allowed number of channels
+    #define SOUNDTOUCH_MAX_CHANNELS     16
+
     /// Activate these undef's to overrule the possible sampletype 
     /// setting inherited from some other header file:
     //#undef SOUNDTOUCH_INTEGER_SAMPLES
diff --git a/source/SoundTouch/FIFOSampleBuffer.cpp b/source/SoundTouch/FIFOSampleBuffer.cpp
index f0d5e42..706e869 100644
--- a/source/SoundTouch/FIFOSampleBuffer.cpp
+++ b/source/SoundTouch/FIFOSampleBuffer.cpp
@@ -73,7 +73,8 @@ void FIFOSampleBuffer::setChannels(int numChannels)
 {
     uint usedBytes;
 
-    assert(numChannels > 0);
+    if (!verifyNumberOfChannels(numChannels)) return;
+
     usedBytes = channels * samplesInBuffer;
     channels = (uint)numChannels;
     samplesInBuffer = usedBytes / channels;
diff --git a/source/SoundTouch/RateTransposer.cpp b/source/SoundTouch/RateTransposer.cpp
index 8b66be3..d115a4c 100644
--- a/source/SoundTouch/RateTransposer.cpp
+++ b/source/SoundTouch/RateTransposer.cpp
@@ -179,11 +179,10 @@ void RateTransposer::processSamples(const SAMPLETYPE *src, uint nSamples)
 // Sets the number of channels, 1 = mono, 2 = stereo
 void RateTransposer::setChannels(int nChannels)
 {
-    assert(nChannels > 0);
+    if (!verifyNumberOfChannels(nChannels) ||
+        (pTransposer->numChannels == nChannels)) return;
 
-    if (pTransposer->numChannels == nChannels) return;
     pTransposer->setChannels(nChannels);
-
     inputBuffer.setChannels(nChannels);
     midBuffer.setChannels(nChannels);
     outputBuffer.setChannels(nChannels);
diff --git a/source/SoundTouch/SoundTouch.cpp b/source/SoundTouch/SoundTouch.cpp
index 7b6756b..06bdd56 100644
--- a/source/SoundTouch/SoundTouch.cpp
+++ b/source/SoundTouch/SoundTouch.cpp
@@ -139,18 +139,14 @@ uint SoundTouch::getVersionId()
 // Sets the number of channels, 1 = mono, 2 = stereo
 void SoundTouch::setChannels(uint numChannels)
 {
-    /*if (numChannels != 1 && numChannels != 2) 
-    {
-        //ST_THROW_RT_ERROR("Illegal number of channels");
-        return;
-    }*/
+    if (!verifyNumberOfChannels(numChannels)) return;
+
     channels = numChannels;
     pRateTransposer->setChannels((int)numChannels);
     pTDStretch->setChannels((int)numChannels);
 }
 
 
-
 // Sets new rate control value. Normal rate = 1.0, smaller values
 // represent slower rate, larger faster rates.
 void SoundTouch::setRate(double newRate)
diff --git a/source/SoundTouch/TDStretch.cpp b/source/SoundTouch/TDStretch.cpp
index 149cdb9..be2dc88 100644
--- a/source/SoundTouch/TDStretch.cpp
+++ b/source/SoundTouch/TDStretch.cpp
@@ -588,9 +588,8 @@ void TDStretch::setTempo(double newTempo)
 // Sets the number of channels, 1 = mono, 2 = stereo
 void TDStretch::setChannels(int numChannels)
 {
-    assert(numChannels > 0);
-    if (channels == numChannels) return;
-//    assert(numChannels == 1 || numChannels == 2);
+    if (!verifyNumberOfChannels(numChannels) ||
+        (channels == numChannels)) return;
 
     channels = numChannels;
     inputBuffer.setChannels(channels);
-- 
2.18.0

